Act
Alert
FDR is equipped with several key alerting mechanisms, including real-time alerts generated on newly observed 0day activity and retrospective alerts that identify 0day activity already present within a network environment.
Decorate
FDR operates against web, email, and network traffic. Email traffic deserves special attention, however, as it is the primary conduit where end-user interaction occurs. To that end, a key part of the FDR solution is email banners. Driven by thousands of signatures, thousands of heuristics, hundreds of ML-models, and dozens of technologies, banners provide simple, color-coded email risk indicators to users. Currently FDR supports roughly two dozen banners ranging from red (danger) to yellow (caution) - each tunable from terse to verbose. Banners are generated from InQuest's threat scoring algorithm and take into consideration customer-specific detection logic, threat intelligence, and integrations. Additionally, email banners help provide end-user awareness and training - effectively deploying a security engineer over the shoulder of each user.
Block
FDR has several blocking mechanisms. Emails and attachments can be blocked from delivery. Malicious web traffic can be blocked via an ICAP cache/proxy. Network traffic can be blocked by pushing IPs and domains from the FDR GUI to a third-party IPS. As an example, a security analyst could see something they don't like in the FDR GUI, then instantly block an IP address (via FDR's TippingPoint integration) for a prescribed period of time.